6576 matches found
Attendance and Payroll System SQL injection vulnerability
Attendance and Payroll System is a PHP/MySQLi attendance and payroll system by the individual developer oretnom23. Sourcecodester Attendance and Payroll System is vulnerable to SQL injection, which can be exploited by remote attackers to bypass authentication via unprocessed log...
CVE-2022-25492
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php...
CVE-2022-25490
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php...
CVE-2022-25488
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php...
HMS SQL injection vulnerability
HMS is a computer- or web-based hospital management system by Kabir Khyrul, an individual developer in Bangladesh. It helps to manage the operations of a hospital or any healthcare organization. A SQL injection vulnerability exists in HMS version 1.0, which allows attackers to perform SQL injection via...
CVE-2022-24606
Luocms v2.0 is affected by SQL Injection in /admin/news/sortok.php...
Network Olympus SQL injection vulnerability
Network Olympus is Softinventive Lab's agentless enterprise network monitoring product. Network Olympus version 1.8.0 is vulnerable to SQL injection, which stems from missing validation of external input in SQL statements built from the sqlparameter JSON parameter of /api/eventinstance. An attacker could exploit thi...
Quicklert SQL injection vulnerability
Quicklert is an easy-to-use messaging, alerting, and emergency response solution from Quicklert USA, Inc. Quicklert for Digium version 10.0.0 is vulnerable to SQL injection, which originates from the login.jsp page. The vulnerability stems from the application's lack of validation of externally...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and to change the passwords for othe...
The vulnerability of the Microsoft Defender for IoT’s threat detection mechanism, related to the lack of protection measures for the SQL query structure, allows attackers to execute arbitrary code.
The vulnerability of the Microsoft Defender for IoT’s threat detection mechanism is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and to change the passwords for othe...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and to change the passwords for othe...
CVE-2022-23972
ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker can inject arbitrary SQL code to read, modify and delete database...
CVE-2021-43077
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.2 and below, version 8.5.2 and below, version 8.4.2 and below, version 8.3.2 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the AP...
CLSA-2022-1646061262 Fix CVE(s): CVE-2022-24407
SECURITY UPDATE: SQL injection in SQL plugin - debian/patches/CVE-2022-24407.patch: escape password for SQL insert/update commands in plugins/sql.c. - CVE-2022-24407...
Lansweeper SQL injection vulnerability
Lansweeper is an IT asset management system from Lansweeper Belgium. The system includes features such as IT asset discovery and network settings scanning. Lansweeper EchoAssets.aspx suffers from a SQL injection vulnerability that can be triggered by an attacker making an authenticated...
CVE-2022-25096
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/viewmember.php...
AZL-8794 CVE-2022-24407 affecting package cyrus-sasl for versions less than 2.1.28-1
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and to change the passwords for othe...
cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands
A flaw was found in the SQL plugin shipped with Cyrus SASL. The vulnerability occurs due to failure to properly escape SQL input and leads to an improper input validation vulnerability. This flaw allows an attacker to execute arbitrary SQL commands and to change the passwords for othe...